WhatsApp Spyware Attack

Facebook Inc owned WhatsApp has confirmed that it has detected zero-day vulnerability on its platform that targeted surveillance (spyware) attack on its users. It has urged its users to install latest version of the app which has patch to close this vulnerablity.

What is this spyware attack?

Zero-day vulnerability in WhatsApp has led to targeted surveillance attack on its users that Leave users open to spyware that could turn on their phone’s camera and microphone, and collect location data.

Software called Pegasus created by private Israeli firm NSO Group is able to take advantage of security loophole in WhatsApp’s voice call function to carry out the attack. It can also trawl through emails and messages. This software is mainly operated by intelligence and law enforcement agencies

How it attacks?

Using Pegasus, attackers could simply call user to install malicious surveillance software (spyaware), even when call was not taken. It also claimed that call would sometimes not even show up in the user’s call log.